import requests
from bs4 import BeautifulSoup as bs



####################################################################################################################
def scan(url,session=requests.session()):

    s = session.get(url)
    soup = bs(s.text, 'html.parser')
    forms = soup.find_all("form")
    payload1 = '<img src=1>'
    usefulnames = []
    has_submit = False
    has_token = False
    issafe = True
    for form in forms:
        inputs = form.find_all('input')
        textareas = form.find_all('textarea')
        selects = form.find_all('select')
        data={}
        for input in inputs:
            input_name = input.get("name")
            input_type = input.get("type")
            input_value = input.get("value")
            if input_value and input_type=='hidden':
                has_token=True
                #token=input_value
                data[input_name] = input_value
            elif input_name and input_type == "submit" and input_value:
                has_submit = True
                subkey = input_name
                subvalue = input_value
                data[subkey]=subvalue
            elif input_name :
                # print(input_name+' is useful')
                usefulnames.append(input_name)
                data[input_name] = payload1
        for textarea in textareas:
            textarea_name = textarea.get("name")
            textarea_type = textarea.get("type")
            textarea_value = textarea.get("value")
            if textarea_value and textarea_type == 'hidden':
                has_token = True
                # token=textarea_value
                data[textarea_name] = textarea_value
            elif textarea_name and textarea_type == "submit" and textarea_value:
                has_submit = True
                subkey = textarea_name
                subvalue = textarea_value
                data[subkey] = subvalue
            elif textarea_name:
                # print(textarea_name+' is useful')
                usefulnames.append(textarea_name)
                data[textarea_name] = payload1
        for select in selects:
            select_name = select.get("name")
            select_type = select.get("type")
            select_value = select.get("value")
            if select_value and select_type == 'hidden':
                has_token = True
                # token=select_value
                data[select_name] = select_value
            elif select_name and select_type == "submit" and select_value:
                has_submit = True
                subkey = select_name
                subvalue = select_value
                data[subkey] = subvalue
            elif select_name:
                # print(select_name+' is useful')
                usefulnames.append(select_name)
                data[select_name] = payload1

        # print('++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++')
        # print(data)
        # print('++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++')
        urltest = url + '?'
        for elem in usefulnames:
            urltest = urltest + elem + '=<img+src%3D1>&'
        if has_submit:
            urltest = urltest + subkey + '=' + subvalue
        # print(urltest)
        # print('--------------------------------------------------')
        s = session.get(
            urltest,
        )

        # soup = bs(s.text, 'html.parser')
        # hello = soup.find_all('pre')
        # for i in hello:
        #     print(i)
        if payload1 in s.content.decode():
            issafe = False

        s=session.post(url,data=data)
        soup = bs(s.text, 'html.parser')
        # print(s.text)

        # hello = soup.find_all('pre')
        # for i in hello:
        #     print(i)
        if payload1 in s.content.decode():
            issafe = False
    result = []
    vun = {
        'vun_type':'xss',
        'status':'高危',
        'url':url,
        'description':'reflect',
        'payload':'empty'
    }
    if issafe:
        print(url + "没有XSS漏洞")
        return result
    else:
        s = session.post(url, data=data)
        if payload1 in s.content.decode():
            print(f"\033[33m[!]发现【xss存储型漏洞】在{url}页面上 \033[0m")
            vun['description']='store'
        else:
            print(f"\033[33m[!]发现【xss反射型漏洞】在{url}页面上 \033[0m")
        result.append(vun)
        return result